BlockThreat - Week 37, 2023
CoinEx | Fortress | Retool | Remitano | Remilia | Mark Cuban
Multiple cryptocurrency exchanges revealed hot wallet compromises this week for more than $76,000,000 in combined losses.
CoinEx was hit the worst, with $54m in losses attributed to the North Korean Lazarus group. The exchange security team acknowledged the compromise more than 4 hours after the attackers’ first transaction, which was unfortunately too late.
Ripple revealed that its recent acquisition, Fortress, did in fact lose $15m of customer assets following the Retool compromise earlier this month. The compromise was attributed to a financially motivated APT called 0ktapus, aka Scattered Spider. The big takeaways: don’t use the Google Authenticator backup feature, and be mindful of your 3rd party integrations, which can serve as gateways to your treasures.
Remitano also blamed an unidentified 3rd party service when it lost $2.7m. Were they another Retool customer? The compromise had a happy ending, as most of the stolen assets were frozen by Tether thanks to a rapid community response. Remitano acknowledged the hack 20 hours later.
Last, but not least, is the draining of Mark Cuban’s wallet for a massive $870k, which could have been much worse if not for a timely transfer of the remaining assets. Malware leading to private key compromise is the likely culprit.
To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.
It’s been a while since we covered more than a single hot wallet or private key compromise in a single week. Bad actors have clearly refocused on more traditional attack vectors such as phishing and infrastructure compromises. Smart contract exploits, on the other hand, resulted in under $100,000 in losses. Is DeFi getting more secure, triggering a renewed focus on centralized finance? We will see if the trend holds in the next few weeks. In the meantime, don’t relax your efforts to build up monitoring and incident response capabilities. You could be next.
Let’s dive into the news!
Twitter opsec PSA: Remove any phone numbers from your Twitter account.
USDT Approval Mining, Liquidity Mining & Sha Zhu Pans losses dashboard by tayvano. More than $340m were stolen to date.
TikTok cryptocurrency scam promises high rewards to lure victims.
Pink Drainer techniques thread by Boring Security.
Planet Money - How to launder $600 million on the internet episode dives into the Axie Infinity compromise and the rogue nation state responsible.
Browsing for Bugs: Finding and Reporting a $3M Bug in Premia Finance by Ayaz Mammadov, Zellic
A Dive into Storage Packing by Ditto.
Liquidation Security Checklist by bytes032.
Collection of ZK security reviews by nullity00.
Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerabilities, indicators, special reports, and searchable newsletter archives.